19 matches found
CVE-2024-22262 vulnerabilities
Vulnerabilities for packages: kayenta-fips, kayenta...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on t...
Security Bulletin: Vulnerability in UriComponentsBuilder affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in UriComponentsBuilder has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
Exploit for CVE-2024-22262
Spring CVE-2024-22262 Proof of Concept This repo contains...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22262]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability in UriComponentsBuilder CVE-2024-22262. VMware Tanzu Spring Framework is used in our Speech Microservices. This...
Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-22259, CVE-2024-22243, CVE-2024-22262).
Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-22259, CVE-2024-22243, CVE-2024-22262. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...
Oracle Primavera Unifier (Jul 2024 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Integration Apache James MIME4J. Supported versio...
Oracle MySQL Enterprise Monitor (Jul 2024 CPU)
The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor component Spring Security. A remote unauthenticated attacker could gain unauthorized access t...
Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM Process Mining CVE-2024-22262
Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow a remote attacker to conduct phishing attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.6 for Spring Boot security update.
Red Hat build of Apache Camel 3.20.6 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...
CVE-2024-22262
creationtimestamp| type| source ---|---|--- 2024-04-18 04:35:44+00:00| seen| https://t.me/arpsyndicate/4683 2025-02-13 19:21:07+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/4331 2025-09-18 10:00:00+00:00| seen|...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +36874 more potentially affected by CVE-2024-22262 via org.springframework:spring-web (>=1.2.1 <=5.3.33)
org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2024-22262 Source advisory: OSV:GHSA-2WRP-6FG6-HMC5...
CVE-2024-22262
Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...
CVE-2024-22262 CVE-2024-22262: Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...
CVE-2024-22262 CVE-2024-22262: Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...
VMware Spring Framework < 5.3.34, 6.0.x < 6.0.19, 6.1.x < 6.1.6 SSRF Vulnerability - Linux
The VMware Spring Framework is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Spring Framework < 5.3.34, 6.0.x < 6.0.19, 6.1.x < 6.1.6 SSRF Vulnerability - Windows
The VMware Spring Framework is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...